Inspector General Audit Looks at NRC’s Employee Card Access System

An Office of the Inspector General audit of the NRC’s Personal Identity Verification card access system is now available. The audit set out to determine whether the NRC’s PIV card access system met its operational requirements, and to assess the effectiveness of coordination among offices with a role in securing NRC’s physical access.

The PIV card is an ID card issued by a federal agency. It contains information unique to each employee and contractor. The card’s main function is to protect and to strengthen the security of personnel information and physical access to secured areas. The NRC uses the card to control access at its headquarters and regional offices.

The OIG found that the agency’s PIV card access system met its requirements, and there is some coordination among offices with a role in securing NRC’s physical access. However, opportunities exist to strengthen processes to ensure more PIV cards are retrieved when employees leave service. Opportunities also exist to establish a uniform and effective way for security officials to be notified of changes to contractor and employee access for restricted areas.

The audit found that PIV cards for terminated contractors and employees are not always retrieved, and that retrieval procedures have not been established. The OIG identified that of 1,452 terminated PIV cards over a 22-month period (January 2014 through November 2015), about one third were not collected from the personnel. As a result, there is a risk of unauthorized physical access to NRC and other federal facilities.

In addition, the OIG found, the NRC is not always notified of changes in staff/contractor access rights for restricted areas. Consequently, the potential exists for unauthorized access into a restricted area by personnel who should no longer have access.

The report makes seven recommendations to improve the system, reduce physical security risk across the agency, and ensure continued compliance with federal regulations and guidance.

NRC management stated their general agreement with the audit findings and recommendations.

Mr. Dingbaum — Instead of spending big bucks on the OIG audit (what did it cost anyway?), why not charge every contractor $2500 per card which will be 100% refunded IF the card is surrendered at the proper time, with $100 per day penalty if it is not. You can be sure that almost everyone would then “do the right thing”.

An inescapable fact is that whenever harm occurs it is certain that there were no effective barriers to protect the item harmed from the hazards that resulted in the harm as it occurred. For advocates and aficionados of the Swiss Cheese Model , an inescapable fact is that when harm occurs every slice of cheese either had a crucial hole in it or the slice did not exist. Corrective/ preventative actions, when effective, involve improvements in barriers and/or measures to reduce reliance on inherently weak barriers.

Observation: If any slice of cheese had been American, not Swiss, the accident would not have happened.

“It was as if the pitcher kicked the soft bunt past the shortstop to guarantee a triple.”-A hand-wringing manager

Sorry NRC but what a waste of our taxpayer dollars! You have nothing more important on your platter than this to audit?! If you want to look at access why don’t you look harder at access to our nuclear power plants, or our vulnerable spent fuel pools scattered across our country, many in the backyard of highly-populated areas?! Or perhaps access to the many dams upstream from these vital potential terrorist targets. And while you are there note just how vulnerable these dams are to anyone with or without authorized access. NRC, try focusing on your stated mission of protecting the health and safety of the public for a change!

Archives

Archives

Comments on blog posts do not represent official NRC communication, and links to internet sites other than the NRC website do not constitute the agency’s endorsement of that site’s content, policies or products. Please read our Disclaimer for more information.